Limitations

From FileZilla Wiki
Revision as of 18:07, 29 January 2015 by 188.100.253.217 (talk) (Undo revision 30519 by TIMSUCKS (talk))
Jump to navigationJump to search
Plaintext username and password storage
The FileZilla client records FTP addresses, usernames and passwords in plaintext (unencrypted). This means that a virus or malware can read this information if it infects a computer on which the Filezilla client is installed. Some types of malware specifically look for ftp addresses in plaintext files, and try the text around them as usernames and passwords. It renders the QuickConnect feature unsuitable for use on systems where the risk of a site being hacked as a result of a virus or malware infection on the FTP user's machine is unacceptable. See http://trac.filezilla-project.org/ticket/5530

FTP is a relatively fragile protocol, so it comes with some limitations which are also present in FileZilla.

FileZilla ignores leading space of filename or directory
This happens on FTP servers not supporting the MLSD command. On those servers FileZilla falls back to LIST. Unfortunately the listing format returned by LIST is not standardised. It is impossible to distinguish leading spaces from padding. To solve this issue, simply upgrade to a modern server supporting the MLSD command or refrain from using leading spaces.
Download process goes beyond 100%
Some FTP servers like Microsoft IIS as FTP server have a severe bug. They advertise resume support and accept the resume command, but instead of resuming, they send the complete file again. Unfortunately this cannot be detected client-side. But be aware that there are valid cases in which a transfer can be larger than the reported file size, for example if new data is appended to the file while it is being downloaded (like log files).